I want to push an msi file to my AD users using group policy, so a specific package will be installed to the user's machine when they log on to the domain. The command that I intend to run is the following:

Why not just specify the package in software installations? That is the easiest way to deploy MSI packages.

The issue with your script is likely the path for the package. Unless it is in c:\windows\system32\ you will need to specify the path and make sure the users have access. Something like \\server\share\mypackage.msi

Be sure that if you're going to do this, that it will continue to be done that way and keep every version of msi you push out.

I started doing this, then everyone started complaining and not rebooting their computers to avoid it (despite the fact that there were e-mails detailing that they should reboot at the end of the day to avoid the downtime in the morning). Then management stepped in and made me remove it without it removing the software via GPO.

Now, some of the installs request the old msi, when I'm doing maintenance on a computer and updating or un-installing something that was previously pushed out. In addition if a computer doesn't check in forever and you set an old install to remove, but have deleted the msi from the network since, it may error out.

I started doing this, then everyone started complaining and not rebooting their computers to avoid it (despite the fact that there were e-mails detailing that they should reboot at the end of the day to avoid the downtime in the morning). Then management stepped in and made me remove it without it removing the software via GPO.

Lol, your office sounds like mine. People whine about it taking 5 minutes to reboot, but it's because they do it once a month and 6 things get uninstalled/installed.

This is a good point though, when you remove software this way you need to leave the policy active until all the machines can remove the software.

KMolloy, out of curiosity, do you know how to know when all computers have removed the software? For the life of me I can't find some sort of list of computers the software was successfully installed on, which would then deplete as computers run the uninstall, so I know when the list is empty and I can remove the msi's.

Seems like tracking it using a separate system like spiceworks is necessary, but then I don't know if it was installed via GPO or manually.

We pushed Acrobat X this way (large for this type of deployment), and I had a user call me once and say their computer was frozen on restart. I asked what the screen said and she responded "Installing Managed Software Adobe Acrobat X...". It had only been 2-3 minutes. It finished while I was on the phone with her.

KMolloy, out of curiosity, do you know how to know when all computers have removed the software? For the life of me I can't find some sort of list of computers the software was successfully installed on, which would then deplete as computers run the uninstall, so I know when the list is empty and I can remove the msi's.

Seems like tracking it using a separate system like spiceworks is necessary, but then I don't know if it was installed via GPO or manually.

That I do not know. Most articles about this I have seen have said just wait a reasonable amount of time for all computers to restart. Spiceworks and the individual event log do track this, but like you said you cannot tell how it was uninstalled.

If you want fully silent, use a startup script and not software policy. All the screen will display is "applying startup scripts" or something like that.

Inside the script, whack in a new reg key once installed. If regkey exists, bypass the installation. This will allow the script to be run on every startup, but if the software is installed then bypass installing the software again for speed.

Alternatively, rename the software entry when you do use software deployment.
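
The startup-script approach from the post above, as an added example that is not code from the thread. It assumes PowerShell startup scripts are available on the clients and that the package is Authenticode-signed; the UNC path form is the one quoted earlier in the thread, while the registry key, value name, version and log location are hypothetical placeholders. A computer startup script runs as Local System and reaches the share with the computer account, so the share should be readable by the computers and writable only by administrators.

```powershell
# Added example: GPO computer startup script with a registry marker.
# Every name below is a hypothetical placeholder; adjust to your environment.
$Package   = '\\server\share\mypackage.msi'       # path form used in the thread
$MarkerKey = 'HKLM:\SOFTWARE\ExampleCorp\Deploy'  # hypothetical marker key
$MarkerVal = 'mypackage'                          # hypothetical value name
$Version   = '1.0.0'                              # constructed version string
$Log       = Join-Path $env:SystemRoot "Temp\$MarkerVal-install.log"

# 1. Marker already records this version: skip the install so boot stays fast.
$current = (Get-ItemProperty -Path $MarkerKey -Name $MarkerVal `
            -ErrorAction SilentlyContinue).$MarkerVal
if ($current -eq $Version) { exit 0 }

# 2. Share unreachable (for example a laptop off the network): leave the
#    marker unset so the next startup tries again.
if (-not (Test-Path -LiteralPath $Package)) {
    Add-Content -Path $Log -Value "$(Get-Date -Format s) package not reachable"
    exit 0
}

# 3. The script runs as SYSTEM, so refuse a package whose signature does not
#    validate (a modified or swapped file on the share stops here).
$sig = Get-AuthenticodeSignature -FilePath $Package
if ($sig.Status -ne 'Valid') {
    Add-Content -Path $Log -Value "$(Get-Date -Format s) signature: $($sig.Status)"
    exit 1
}

# 4. Silent install, no forced reboot, verbose MSI log kept on the machine.
$msiArgs = "/i `"$Package`" /qn /norestart /L*v `"$Log`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 5. Write the marker only on success: 0 = OK, 3010 = OK, reboot required.
if (@(0, 3010) -contains $proc.ExitCode) {
    New-Item -Path $MarkerKey -Force | Out-Null
    New-ItemProperty -Path $MarkerKey -Name $MarkerVal -Value $Version `
        -PropertyType String -Force | Out-Null
    exit 0
}
Add-Content -Path $Log -Value "$(Get-Date -Format s) msiexec exit $($proc.ExitCode)"
exit $proc.ExitCode
```

Because the marker lives under HKLM on each machine, querying that value remotely also shows which computers have completed the scripted install.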

Be sure that if you're going to do this, that it will continue to be done that way and keep every version of msi you push out.

I started doing this, then everyone started complaining and not rebooting their computers to avoid it (despite the fact that there were e-mails detailing that they should reboot at the end of the day to avoid the downtime in the morning). Then management stepped in and made me remove it without it removing the software via GPO.

Now, some of the installs request the old msi, when I'm doing maintenance on a computer and updating or un-installing something that was previously pushed out. In addition if a computer doesn't check in forever and you set an old install to remove, but have deleted the msi from the network since, it may error out.

Urgh - always uninstall apps before re-deploying updates, I hate this kind of administrative mess. I don't even "upgrade" via GPO - uninstall old / install new, keep it clean!

Also PDQ Deploy has been gaining quite a few mentions recently on spiceworks forums here and there for software distribution. You can do silent installs using switches like you mention under your user's noses whilst they work. Best of all there's a free version!

How do you handle laptop software installation who do not normally connect to the network in the beginning, and then VPN in from home later (remote users)? This is one reason why I haven't implemented GPO installs yet... My experience from about 6 years ago showed me that they're problematic and GPO installs don't hit those computers.

Can anyone shed some light, has this been fixed/looked at in recent years? I'm a 2003/2008 mix right now.

We recently pushed out new production software to all of our machines via group policy and some didn't take, but any that I used PsExec to uninstall and install the new software with have not had any issues. I have it set up to push a log file to my machine so when it's done I can read through and verify there weren't any error codes.

It seems like it's easy to push out installs if you assume every computer is on all the time. But with GPO and other professional software deployment utilities it will push out whenever the computer is found on the network again.

For example, the laptop of a salesperson outside the office all the time, only comes into the office once in a while.

It seems like it's easy to push out installs if you assume every computer is on all the time. But with GPO and other professional software deployment utilities it will push out whenever the computer is found on the network again.

For example, the laptop of a salesperson outside the office all the time, only comes into the office once in a while.

Very true, for laptops, we use the VPN or have them log off during lunch or a certain time and I schedule the push that way.

How do you handle laptop software installation who do not normally connect to the network in the beginning, and then VPN in from home later (remote users)?

If you need laptops to be able to VPN, update their GPO, then reboot and install before VPN can be re-connected, maybe you should make the install folder "available offline".

Do you keep 2 sets of files? I have a software drive that everything runs off of. That drive is 50+ gigs as it contains everything I've found to be useful and the programs we use. I can't make that share available offline. None of my keys are in there, so I have it allowed for all users as read only. I'd say about half are local admins (slowly moving them away from that).

I'm trying to find a way so I'm not duplicating any applications or anything so that I don't have to update multiple places.

Have you used offline files before? It does make a 2nd offline copy locally on each computer that needs it, however, it's automatically synced when that computer is re-connected to the network. So you would only have to update one location. The rest would update automatically.

Regarding getting people off being a local admin, what I do is make them a power user, but let them set the password for the local admin account. That way they are still protected from what they do as a user, but still have the option if they must install something on the go.